I don't know if the real problem of certipost is standard compliance or
accessibility from various platform, operating system, browser.
One of the issue is the link with the electronic id card... (Who is the
certification authority? Who choosed or created the public/private key?
Are there potential copy of my private key under somebody else control?
When I authenticate using the electronic id card, how can I know I am
not signing a message [it is the same PIN and same card], ...)
My problem is that we can not assume the same thing from electronic mail
(or web form of it) than from paper mail.
With a web version, it is not because I have click on the mail or pdf
that I was able to read it. My computer could have crash, maybe I don't
support that format, maybe my connexion was disconnected, ... However
certipost might assume I readed it.
If send by email, then how can one have a garantee that a mail as been
received. There are no requirement for acknowledgment in SMTP, you don't
have the same relyability than in X.400.
It is a lot easyer to hack my electronic mailbox than to hack my paper
mailbox. If one break the secrecy of my paper mailbox, it is easy to
bring him to justice, but with electronic, proof are hard to get.
For those that understand frech, I documented things mostly on those two
wiki pages:
* http://wiki.ael.be/index.php/IdCardAnalyseCritique
* http://wiki.ael.be/index.php/IdCardQuestions
Not much on Certipost but maybe much on public key infrastructure and
the electonic Id card.
So if don't like certipost, make sure you know why you don't like it. ;-)
David GLAUDE
Ward Vandewege wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> Sorry, blijkbaar klopt de informatie van de Cursor niet volledig. Hier komt
> dat 'windows & IE only' verhaal vandaan:
>>http://www.certipost.be/nl/products/certipost/specs.html>> Maar er staat 'officieel' bij, m.a.w. de rest zou ook kunnen werken. Dat
> blijkt ook hieruit, waar voor Linux & Mac gebruikers het blijkbaar enkel een
> kwestie van de juiste Java versie is:
>>http://www.certipost.be/nl/help/public/browsers/content.jsp?sLanguageCode=nl#1>> mvg,
> Ward.
--
Don't let the computer/expert control the election
Information for Belgium in french: http://www.poureva.be/